@zirain zirain commented Jul 31, 2025

No description provided.

@zirain zirain requested review from a team as code owners July 31, 2025 03:41
@istio-policy-bot

😊 Welcome! This is either your first contribution to the Istio documentation repo, or
it's been a while since you've been here. A few things you should know:

  • You can learn about how we write and maintain documentation, our style guidelines,
    and the available web site features by visiting Contributing to the Docs.

  • In the next few minutes, an automatic preview of your change will be built with
    a full copy of the istio.io website. You can find this preview by clicking on
    the Details link next to the deploy/netlify entry in the status section of this
    page.

  • We care about quality, so we've put in place a number of checks to ensure our documentation
    is top-notch. We do spell checking, sanitize the Markdown, ensure all hyperlinks point to a
    valid location, and more. If your PR doesn't pass one of these checks, you'll see a red X in the
    lint_istio.io entry in the status section. Click on the Details link to get a list of the
    problems with your PR. Fix those problems and push an update; this will automatically re-run the
    tests. Hopefully this time everything will be perfect!

  • Once your changes are accepted and merged into the repository, they will initially show up
    on https://preliminary.istio.io. The changes will be published to https://istio.io
    the next time we do a major release (which typically happens every 3 months or so).
    To publish them sooner, add a cherrypick/release-x.xx label, where x.xx is the current
    release of Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

@istio-testing istio-testing added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 31, 2025
@zirain zirain mentioned this pull request Jul 31, 2025
52 tasks
Member

@dhawton dhawton left a comment

Partial pass on release notes, will continue reviewing later.

Member

@dhawton dhawton left a comment

Finished first pass over the change notes.


- **Added** support for native `nftables` when using Istio sidecar mode. This update makes it possible to use `nftables`
instead of iptables to manage network rules, offering more efficient approach to traffic redirection for pods and
services. To enable the `nftables` mode, use `--set values.global.nativeNftables=true` at the time of installation. ([Issue #56487](https://github.com/istio/istio/issues/56487))
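
Review bot: In the second line of this entry, "offering more efficient approach" is missing its article ("offering a more efficient approach"), and `nftables` is in code formatting while iptables in the same sentence is not; format both the same way.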

Contributor

Should we add a note here that only debug images currently support this mode?

PS: Following is the tracker for including the nftables-slim in distroless images - istio/istio#57237

Member

@dhawton dhawton Aug 5, 2025

A note for future, that should be part of the release notes yaml in the PR.

Contributor

@craigbox craigbox left a comment

Sorry, forgot to send this yesterday

Comment on lines 12 to 14
## Multiple certificate types support in Gateway

Istio now supports configuring multiple certificate types (such as RSA and ECDSA) simultaneously in Gateway resources.

Contributor

Classic Gateway or Kubernetes Gateway?

Contributor

Both

Member Author

Added Add support for multiple server certificates in gateway (istio & gateway api)

It seems to be both for the release notes.

Contributor

yes. it is both

- **Added** certificate revocation list (CRL) support for plugged-in CAs, enabling Istio to watch for `ca-crl.pem` files and
automatically distribute CRLs across all namespaces in the cluster. This enhancement allows
proxies to validate and reject revoked certificates, strengthening the security posture of service mesh deployments
using plugged-in CAs. ([Issue #56529](https://github.com/istio/istio/issues/56529))
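
Review bot: The entry names the `ca-crl.pem` file but does not say where Istio watches for it or whether the feature has to be enabled, so a reader running a plugged-in CA cannot tell from these lines what to provide. Add a short clause or a docs link for that, and consider dropping "strengthening the security posture of service mesh deployments", which adds nothing the preceding clause has not already said.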

Member

Should this point to istio/istio#56308 where the design doc is referenced?

Member Author

This is generated from the release notes in istio/istio; I'm fine if you want to highlight the design doc.

Member

We also don't link to pull requests, only issues. It's best to put design docs in the issue.

Contributor

There is no obvious issue; the issue linked is for something after the fact. 56529 didn't tell me anything; I had to work backwards to figure out what the thing was.

Member Author

At least it linked to the implementation PR, and there's a design in the PR description.

@keithmattix
Contributor

keithmattix commented Aug 8, 2025

@istio/release-managers-1-27 Something I just ran into: after istio/istio#56048, using an older istioctl or helm chart version with new istio-cni images will cause ambient enablement to break completely because the defaults are set in the install mechanism. Maybe something to call out in release notes? Maybe it's too much, but it took me a while to debug so I figured I'd bring it up.

Sidenote: we may want to consider patching the istio-cni code itself so that the default doesn't result in ambient being unusable...probably a good thing to target for a 1.27.1 release?

@howardjohn
Member

> @istio/release-managers-1-27 Something I just ran into: after istio/istio#56048, using an older istioctl or helm chart version with new istio-cni images will cause ambient enablement to break completely because the defaults are set in the install mechanism. Maybe something to call out in release notes? Maybe it's too much, but it took me a while to debug so I figured I'd bring it up.
>
> Sidenote: we may want to consider patching the istio-cni code itself so that the default doesn't result in ambient being unusable...probably a good thing to target for a 1.27.1 release?

I've run into the same but it's a 100% invalid way to install Istio which has been broken for ~80% of versions (usually broken in different ways) so it's not a new thing. I have also run into this exact CNI issue and struggled to debug, though since I often pull latest

linux-foundation-easycla bot commented Aug 11, 2025

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: zirain / name: zirain (3077597)

@zirain zirain force-pushed the release-notes-1.27 branch from 3e436e4 to 631aaa8 Compare August 11, 2025 12:18
@zirain zirain requested review from craigbox and dhawton August 11, 2025 12:18
@dhawton
Member

dhawton commented Aug 11, 2025

/test easycla

@istio-testing
Contributor

@dhawton: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test doc.test.dualstack
/test doc.test.multicluster
/test doc.test.profile-ambient
/test doc.test.profile-default
/test doc.test.profile-demo
/test doc.test.profile-minimal
/test doc.test.profile-none
/test gencheck
/test lint

The following commands are available to trigger optional jobs:

/test update-ref-docs-dry-run

Use /test all to run the following jobs that were automatically triggered:

gencheck_istio.io
lint_istio.io
update-ref-docs-dry-run_istio.io

In response to this:

/test easycla

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@dhawton
Member

dhawton commented Aug 11, 2025

/easycla

@zirain
Member Author

zirain commented Aug 11, 2025

What happened to [email protected]?

Member

@dhawton dhawton left a comment

Couple nits

@dhawton
Member

dhawton commented Aug 11, 2025

> What happened to [email protected]?

Nothing. That's still my primary GH email address. Not sure what error easycla is having, nothing has changed irt my GH account in several years. Seems to also not like a commit co-authored by Keith.. so easycla/GH issue maybe? or it's not us.

@zirain
Member Author

zirain commented Aug 11, 2025

> > What happened to [email protected]?
>
> Nothing. That's still my primary GH email address. Not sure what error easycla is having, nothing has changed irt my GH account in several years. Seems to also not like a commit co-authored by Keith.. so easycla/GH issue maybe? or it's not us.

It happened after I merged master, so I think it might not be from our side.

@dhawton
Member

dhawton commented Aug 11, 2025

Ah yes.. the commit has "2 people and zirain" and the first of the "2 people" is an invalid zirain profile. So something isn't right in those commits.

@zirain
Member Author

zirain commented Aug 11, 2025

> Ah yes.. the commit has "2 people and zirain" and the first of the "2 people" is an invalid zirain profile. So something isn't right in those commits.

if you don't mind, let me merge them all into one commit to pass it?

@zirain
Member Author

zirain commented Aug 11, 2025

/easycla

@zirain zirain force-pushed the release-notes-1.27 branch from 847b47f to 3077597 Compare August 11, 2025 15:35
@istio-testing istio-testing merged commit 315487e into istio:master Aug 11, 2025
6 checks passed
@zirain zirain deleted the release-notes-1.27 branch August 11, 2025 20:37